10.1145/3152701.3152706acmconferencesArticle/Chapter ViewAbstractPublication PagesmiddlewareConference Proceedingsconference-collections
research-article

SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control

Online:28 October 2017Publication History

ABSTRACT

Protected module architectures such as Intel SGX hold the promise of protecting sensitive computations from a potentially compromised operating system. Recent research convincingly demonstrated, however, that SGX's strengthened adversary model also gives rise to to a new class of powerful, low-noise side-channel attacks leveraging first-rate control over hardware. These attacks commonly rely on frequent enclave preemptions to obtain fine-grained side-channel observations. A maximal temporal resolution is achieved when the victim state is measured after every instruction. Current state-of-the-art enclave execution control schemes, however, do not generally achieve such instruction-level granularity.

This paper presents SGX-Step, an open-source Linux kernel framework that allows an untrusted host process to configure APIC timer interrupts and track page table entries directly from user space. We contribute and evaluate an improved approach to single-step enclaved execution at instruction-level granularity, and we show how SGX-Step enables several new or improved attacks. Finally, we discuss its implications for the design of effective defense mechanisms.

References

  1. Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. In 11th USENIX Workshop on Offensive Technologies (WOOT '17). USENIX Association. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Sanchuan Chen, Xiaokuan Zhang, Michael K Reiter, and Yinqian Zhang. 2017. Detecting privileged side-channel attacks in shielded execution with Déjà Vu. In Proceedings of the 2017 Asia Conference on Computer and Communications Security (Asia CCS '17). ACM, 7--18. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In Proceedings of the 25th USENIX Security Symposium. USENIX Association.Google ScholarGoogle Scholar
  4. Marcus Hähnel, Weidong Cui, and Marcus Peinado. 2017. High-resolution side channels for untrusted operating systems. In 2017 USENIX Annual Technical Conference (ATC '17). USENIX Association. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Intel Corporation. 2016. Intel 64 and IA-32 architectures optimization reference manual. Reference no. 248966-033.Google ScholarGoogle Scholar
  6. Intel Corporation. 2017. Intel 64 and IA-32 architectures software developer's manual. Reference no. 325462-062US.Google ScholarGoogle Scholar
  7. Intel Corporation. 2017. Intel software guard extensions developer guide. software.intel.com/en-us/documentation/sgx-developer-guide.Google ScholarGoogle Scholar
  8. Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In Proceedings of the 26th USENIX Security Symposium. USENIX Association.Google ScholarGoogle Scholar
  9. P. Maene, J. Götzfried, R. de Clercq, T. Müller, F. Freiling, and I. Verbauwhede. 2017. Hardware-based trusted computing architectures for isolation and attestation. IEEE Trans. Comput. 99 (2017).Google ScholarGoogle Scholar
  10. Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. 2017. CacheZoom: How SGX amplifies the power of cache attacks. In Conference on Cryptographic Hardware and Embedded Systems (CHES '17).Google ScholarGoogle ScholarCross RefCross Ref
  11. Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2017. Malware guard extension: Using SGX to conceal cache attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '17).Google ScholarGoogle Scholar
  12. Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating controlled-channel attacks against enclave programs. In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.Google ScholarGoogle ScholarCross RefCross Ref
  13. Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In Proceedings of the 26th USENIX Security Symposium. USENIX Association.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Nico Weichbrodt, Anil Kurmus, Peter Pietzuch, and Rüdiger Kapitza. 2016. AsyncShock: exploiting synchronisation bugs in Intel SGX enclaves. In European Symposium on Research in Computer Security (ESORICS '16). Springer.Google ScholarGoogle ScholarCross RefCross Ref
  15. Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In IEEE Symposium on Security and Privacy. IEEE, 640--656. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in
    • Published in

      ACM Conferences cover image
      SysTEX'17: Proceedings of the 2nd Workshop on System Software for Trusted Execution
      October 2017
      55 pages
      ISBN:9781450350976
      DOI:10.1145/3152701

      Copyright © 2017 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Online: 28 October 2017

      Permissions

      Request permissions about this article.

      Request Permissions

      Qualifiers

      • research-article
      • Research
      • Refereed limited

      Upcoming Conference

      Middleware '22
      • Sponsor:
      Middleware '22: 23rd International Middleware Conference
      November 7 - 11, 2022
      Quebec , QC , Canada

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!